General

  • Target

    76cfebf5f02b172ebacce2eed8cfce2e

  • Size

    402KB

  • Sample

    240126-jvqbnshcg5

  • MD5

    76cfebf5f02b172ebacce2eed8cfce2e

  • SHA1

    b486be70228709773c3d47b3b28038341fd5eb2a

  • SHA256

    40433a077e5698641b0e57c21dae3730b6c96a2e03bc01eda7adf53764031d77

  • SHA512

    8fca51c8233d85b22d2e4c2b335875bdaa1aaf9ab570522d179932f01435fc2ef3b0556b2e5aa8b683459ecc8645af6cbd0624077ac062849767e8a74a2393fd

  • SSDEEP

    6144:smaKVBGmE84IMNv55giU0pKiFYHxfx15RvOagakZBxkTN2gmeGcFnVQb/DAYbDg0:FSmLAuEY71fviagATFmebVQDcYcA

Malware Config

Extracted

  • Family

    njrat

  • Version

    0.6.4

  • Botnet

    pdf

  • C2

    hhhmach.ddns.net:1177

  • Mutex

    5cd8f17f4086744065eb0992a09e05a2

  • Attributes

      • reg_key

        5cd8f17f4086744065eb0992a09e05a2

      • splitter

        |'|'|

Targets

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application
